Aqueous Digital

“NOT GDPR Compliant”: UK Non Compliance Register scam [Updated Jan 19]

Have you received an email entitled “Urgent Atten: You Are NOT GDPR Compliant!” or “To the Data Protection Officer of [www.anyonldwebsite.com] You are on the UK GDPR Compliance Directory?

If so, please just delete and ignore; it’s a scam though quite what their angle is we are at a loss to understand.

Most UK businesses went through a torturous few months early in 2018 making sure that they were ready for GDPR compliance. With all the publicity, it passed no one by and any business worth anything made sure that they were not deliberately in a state of non compliance. Which makes this email scam all the more mysterious.

The email below was sent to one of our customers early in November (with all the customer details redacted of course)

UK Non Compliance Register Scam Email
UK Non Compliance Register Scam Email

From: “Urgent Atten: You Are NOT GDPR Compliant!” <gdpr@europadatasend.info>

Date: 12 November 2018 at 16:26:51 GMT

To: enquiries@[company name here]

Subject: [company name here] Has Been Added To The Non Compliance Register

Reply-To: “Urgent Atten: You Are NOT GDPR Compliant!” <nongdprcompliantlist@hotmail.com>

Notification from the UK Non Compliance Register.

 

To the Owner of [company name here].

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register.

Your company is under review and may be reported to the ICO for non GDPR compliance.

Please go to www.noncomplianceregister.com and enter your company name [company name here] into the search box.

You will see listed on the page the actions that may now be taken against your company for non GDPR compliance.

The Non Compliance Register is a FREE public service that is available to any member of the public.

The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.

This email has been sent to inform you that you are on the non compliance register.

There is no need to reply to this email.

 

Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The Non Compliance Register does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a pubic service that is free of charge.

EDIT: In January 2019 they repeated the email but with slightly different data. It looked like this;

From: “The UK GDPR Compliance Directory” <nongdprcompliance@vectordataservices.info>
Date: 17 January 2019 at 07:07:29 GMT
To: enquiries@[yourwebsitehere]
Subject: To the Data Protection Officer of [www.anyoldwebsite.com] You are on the UK GDPR Compliance Directory
Reply-To: “The UK GDPR Compliance Directory” <gdprcompliancedirectory@hotmail.com>

GDPR Scam 1

 

The strange thing about this entire email is that it doesn’t appear to have a purpose, other than scaring business owners.

They don’t ask for money, the link to their website doesn’t work and now, the domain is currently parked.

Perhaps the clue is in the last line where they tell us;

“It is a pubic service that is free of charge” [EDIT: Now corrected in January – perhaps they read this blog!]

If the scam develops, I would expect them to find some way of getting people to sign up for something (it’s the standard approach) which then commits business owners to pay them lots of money from pretty much nothing. [EDIT: In January they include a link which opens a reply email. You are supposed to email them and then they will send you the report. Don’t do this. It’s a scam!]

Other scams such as Commercial Register rely on similarly confusing emails and then getting people to sign for a worthless link on an obscure website costing around £3,000.

In this case, it’s unclear what the end game is but it has all the hallmarks of a scam.

The irony of this email is that they have sent it to completely the wrong person. The customer they sent it to has spent months getting ready for GDPR and is totally compliant. It was for this reason that they knew it was a scam and sent it to us.

Anyway, we’ve done a bit of digging and here are the detail of the website;

 

Whois record for Non Compliance register
Whois record for Non Compliance register

 

 

Registrant           REDACTED FOR PRIVACY

Registrant Org   REDACTED FOR PRIVACY

Registrant Country          REDACTED FOR PRIVACY

Registrar              CRAZY DOMAINS FZ-LLC

IANA ID: 1291

URL: http://www.crazydomains.com

Whois Server: whois.syrahost.com

 

Registrar Status ok

Dates    79 days old

Created on 2018-09-26

Expires on 2020-09-26

Updated on 2018-11-15

Name Servers    NS59.WORLDNIC.COM (has 2,945,768 domains)

NS60.WORLDNIC.COM (has 2,945,768 domains)

 

Tech Contact      REDACTED FOR PRIVACY

REDACTED FOR PRIVACY,

REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY

IP Address          141.8.225.31 – 141,113 other sites hosted on this server

 

IP Location          Switzerland – Zurich – Zurich – Rook Media Gmbh

ASN       Switzerland AS40034 CONFLUENCE-NETWORK-INC – Confluence Networks Inc, VG (registered Apr 11, 2011)

Domain Status   Registered And Active Website

IP History             4 changes on 4 unique IP addresses over 0 years

Registrar History               1 registrar

Hosting History 4 changes on 5 unique name servers over 0 year

Website

Website Title      None given.

 

Domain Name: NONCOMPLIANCEREGISTER.COM

Registry Domain ID: 2315155677_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.syrahost.com

Registrar URL: http://www.crazydomains.com

Updated Date: 2018-11-16T02:33:11Z

Creation Date: 2018-09-27T00:00:00Z

Registrar Registration Expiration Date: 2020-09-27T00:00:00Z

Registrar: CRAZY DOMAINS FZ-LLC

Registrar IANA ID: 1291

Registrar Abuse Contact Email:

Registrar Abuse Contact Phone: +61.894220890

Reseller: CRAZY DOMAINS

Domain Status: ok https://icann.org/epp#ok

Registry Registrant ID: R-023531656-SN

Registrant Name: REDACTED FOR PRIVACY

Registrant Organization: REDACTED FOR PRIVACY

Registrant Street: REDACTED FOR PRIVACY

Registrant City: REDACTED FOR PRIVACY

Registrant State/Province: REDACTED FOR PRIVACY

Registrant Postal Code: REDACTED FOR PRIVACY

Registrant Country: REDACTED FOR PRIVACY

Registrant Phone: REDACTED FOR PRIVACY

Registrant Phone Ext:

Registrant Email: REDACTED FOR PRIVACY

Registry Admin ID: C-002881298-SN

Admin Name: REDACTED FOR PRIVACY

Admin Organization: REDACTED FOR PRIVACY

Admin Street: REDACTED FOR PRIVACY

Admin City: REDACTED FOR PRIVACY

Admin State/Province: REDACTED FOR PRIVACY

Admin Postal Code: REDACTED FOR PRIVACY

Admin Country: REDACTED FOR PRIVACY

Admin Phone: REDACTED FOR PRIVACY

Admin Phone Ext:

Admin Fax: REDACTED FOR PRIVACY

Admin Fax Ext:

Admin Email: REDACTED FOR PRIVACY

Registry Tech ID: C-002881298-SN

Tech Name: REDACTED FOR PRIVACY

Tech Organization: REDACTED FOR PRIVACY

Tech Street: REDACTED FOR PRIVACY

Tech City: REDACTED FOR PRIVACY

Tech State/Province: REDACTED FOR PRIVACY

Tech Postal Code: REDACTED FOR PRIVACY

Tech Country: REDACTED FOR PRIVACY

Tech Phone: REDACTED FOR PRIVACY

Tech Phone Ext:

Tech Fax: REDACTED FOR PRIVACY

Tech Fax Ext:

Tech Email: REDACTED FOR PRIVACY

Name Server: NS59.WORLDNIC.COM

Name Server: NS60.WORLDNIC.COM

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: https://www.icann.org/compliance/complaint

 

As you can see, there’s not a lot to see other than the fact that the domain has been live for just 79 days as I write this and pretty much all the owner details are hidden by a privacy screen.

The IP address places the site in Switzerland but as stated previously when we visited the site today it was conspicuous in its absence. This is all we could see;

Non Compliance Register website
Non Compliance Register website

Just a holding page with Google AdSense on it.

The email address extension of europdatasend.info is not a website and the reply email is simply a Hotmail account.

If and when the site does go live please don’t enter your details. All that will happen is you will find yourself swamped with similar emails from other scams as they will know, by your actions, that you are susceptible to this type of intimidatory email.

The summary is that if this is supposed to be a scam its a pretty poor one as we can see no clear way of them scamming anything. Whatever the case, if you get this email then consign it to the junk bin, fast.

More Articles